patterns/waf_patterns/apache/enforcement.conf

# Apache ModSecurity rules for ENFORCEMENT
SecRuleEngine On

SecRule REQUEST_URI "@lt 1" "id:1035,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1036,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_methods}" "id:1037,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1038,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1039,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1040,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1041,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1042,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1043,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1173,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1174,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$" "id:1175,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$" "id:1176,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^d+$" "id:1177,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1178,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0?$" "id:1179,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1180,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@eq 0" "id:1181,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" "id:1182,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@streq POST" "id:1183,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1184,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1185,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@eq 0" "id:1186,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@eq 0" "id:1187,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (d+)-(d+)" "id:1188,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt %{tx.1}" "id:1189,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b" "id:1190,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1191,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1192,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1193,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1194,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1195,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1196,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUtf8Encoding" "id:1197,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx %u[fF]{2}[0-9a-fA-F]{2}" "id:1198,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 1-255" "id:1199,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1200,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1201,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1202,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1203,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@pm AppleWebKit Android Business Enterprise Entreprise" "id:1204,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1205,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1206,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1207,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1208,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0$" "id:1209,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1210,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)" "id:1211,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1212,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.max_num_args}" "id:1213,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1214,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.arg_name_length}" "id:1215,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1216,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.arg_length}" "id:1217,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1218,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.total_arg_length}" "id:1219,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1220,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1221,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1222,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1223,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1224,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$" "id:1225,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^[^;s]+" "id:1226,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1227,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charsets*=s*["']?([^;"'s]+)" "id:1228,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1229,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charset.*?charset" "id:1230,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_http_versions}" "id:1231,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx .([^.]+)$" "id:1232,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_extensions}" "id:1233,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*|)$" "id:1234,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^.*$" "id:1235,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1236,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 50" "id:1237,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1238,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@streq JSON" "id:1239,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1240,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@contains #" "id:1241,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 1" "id:1242,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1243,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1244,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1245,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@endsWith .pdf" "id:1246,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@endsWith .pdf" "id:1247,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}" "id:1248,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx %[0-9a-fA-F]{2}" "id:1249,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 9,10,13,32-126,128-255" "id:1250,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1251,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ['";=]" "id:1252,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0$" "id:1253,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1254,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^.*$" "id:1255,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_headers_extended}" "id:1256,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1257,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1258,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 32-36,38-126" "id:1259,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1260,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:OPTIONS|CONNECT)$" "id:1261,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@pm AppleWebKit Android" "id:1262,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1263,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)up" "id:1264,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 0" "id:1265,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$" "id:1266,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)" "id:1267,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1268,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1269,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@endsWith .pdf" "id:1270,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1271,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122" "id:1272,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" "id:1273,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:?[01])?$" "id:1274,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]" "id:1275,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:35:03 UTC 2024] 2024-12-21 00:35:03 +00:00			`# Apache ModSecurity rules for ENFORCEMENT`
			`SecRuleEngine On`

Update: [Sun Jan 5 00:29:17 UTC 2025] 2025-01-05 00:29:17 +00:00			`SecRule REQUEST_URI "@lt 1" "id:1035,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1036,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@within %{tx.allowed_methods}" "id:1037,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1038,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1039,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1040,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1041,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1042,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1043,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1173,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1174,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?](?:?[^sv#])?(?:#[^sv])?\|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?\|[--9A-Z_a-z]+:[0-9]+)\|options \|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z](?::[0-9]+)?)?/[^#?](?:?[^sv#])?(?:#[^sv])?)[sv]+[.-9A-Z_a-z]+)$" "id:1175,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut\|[aeiou]grav\|[ain-o]tild)e\|[c-elnr-tz]caron\|(?:[cgk-lnr-t]cedi\|[aeiouy]um)l\|[aceg-josuwy]circ\|[au]ring\|a(?:mp\|pos)\|nbsp\|oslash);\|[^"';=])*$" "id:1176,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^d+$" "id:1177,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^(?:GET\|HEAD)$" "id:1178,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^0?$" "id:1179,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^(?:GET\|HEAD)$" "id:1180,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@eq 0" "id:1181,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" "id:1182,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@streq POST" "id:1183,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1184,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1185,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@eq 0" "id:1186,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@eq 0" "id:1187,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx (d+)-(d+)" "id:1188,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt %{tx.1}" "id:1189,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx b(?:keep-alive\|close),s?(?:keep-alive\|close)b" "id:1190,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx x25" "id:1191,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateUrlEncoding" "id:1192,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1193,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx x25" "id:1194,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateUrlEncoding" "id:1195,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1196,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateUtf8Encoding" "id:1197,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx %u[fF]{2}[0-9a-fA-F]{2}" "id:1198,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateByteRange 1-255" "id:1199,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1200,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^$" "id:1201,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^$" "id:1202,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1203,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@pm AppleWebKit Android Business Enterprise Entreprise" "id:1204,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^$" "id:1205,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1206,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1207,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^$" "id:1208,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^0$" "id:1209,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1210,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx (?:^([d.]+\|[[da-f:]+]\|[da-f:]+)(:[d]+)?$)" "id:1211,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1212,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt %{tx.max_num_args}" "id:1213,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1214,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt %{tx.arg_name_length}" "id:1215,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1216,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt %{tx.arg_length}" "id:1217,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1218,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt %{tx.total_arg_length}" "id:1219,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1220,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1221,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1222,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1223,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1224,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^[w/.+-]+(?:s?;s?(?:action\|boundary\|charset\|component\|start(?:-info)?\|type\|version)s?=s?['"w.()+,/:=?<>@#-]+)*$" "id:1225,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^[^;s]+" "id:1226,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1227,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx charsets=s["']?([^;"'s]+)" "id:1228,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1229,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx charset.*?charset" "id:1230,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@within %{tx.allowed_http_versions}" "id:1231,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx .([^.]+)$" "id:1232,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@within %{tx.restricted_extensions}" "id:1233,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*\|)$" "id:1234,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^.*$" "id:1235,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1236,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt 50" "id:1237,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			SecRule REQUEST_URI "!@rx ^(?:(?:\|[^!-"(-),/:-?[-]{}]+)/(?:\|[^!-"(-),/:-?[-]{}]+)\|)(?:[sv];[sv](?:charset[sv]=[sv]"?(?:iso-8859-15?\|utf-8\|windows-1252)b"?\|(?:[^sv -"(-),/:-?[-]c{}]\|c(?:[^!-"(-),/:-?[-]h{}]\|h(?:[^!-"(-),/:-?[-]a{}]\|a(?:[^!-"(-),/:-?[-]r{}]\|r(?:[^!-"(-),/:-?[-]s{}]\|s(?:[^!-"(-),/:-?[-]e{}]\|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}][sv]=[sv][^!(-),/:-?[-]{}]+);?)(?:[sv],[sv](?:(?:\|[^!-"(-),/:-?[-]{}]+)/(?:\|[^!-"(-),/:-?[-]{}]+)\|)(?:[sv];[sv](?:charset[sv]=[sv]"?(?:iso-8859-15?\|utf-8\|windows-1252)b"?\|(?:[^sv -"(-),/:-?[-]c{}]\|c(?:[^!-"(-),/:-?[-]h{}]\|h(?:[^!-"(-),/:-?[-]a{}]\|a(?:[^!-"(-),/:-?[-]r{}]\|r(?:[^!-"(-),/:-?[-]s{}]\|s(?:[^!-"(-),/:-?[-]e{}]\|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}][sv]=[sv][^!(-),/:-?[-]{}]+);?))*$" "id:1238,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
			`SecRule REQUEST_URI "!@streq JSON" "id:1239,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1240,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@contains #" "id:1241,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt 1" "id:1242,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1243,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1244,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s,?s){6}" "id:1245,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@endsWith .pdf" "id:1246,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@endsWith .pdf" "id:1247,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s,?s){63}" "id:1248,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx %[0-9a-fA-F]{2}" "id:1249,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateByteRange 9,10,13,32-126,128-255" "id:1250,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1251,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ['";=]" "id:1252,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^0$" "id:1253,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1254,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^.*$" "id:1255,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@within %{tx.restricted_headers_extended}" "id:1256,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1257,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1258,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateByteRange 32-36,38-126" "id:1259,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@eq 0" "id:1260,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^(?:OPTIONS\|CONNECT)$" "id:1261,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@pm AppleWebKit Android" "id:1262,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1263,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^(?i)up" "id:1264,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@gt 0" "id:1265,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^(?:(?:max-age=[0-9]+\|min-fresh=[0-9]+\|no-cache\|no-store\|no-transform\|only-if-cached\|max-stale(?:=[0-9]+)?)(?:s,s\|$)){1,7}$" "id:1266,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx br\|compress\|deflate\|(?:pack200-)?gzip\|identity\|*\|^$\|aes128gcm\|exi\|zstd\|x-(?:compress\|gzip)" "id:1267,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1268,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1269,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@endsWith .pdf" "id:1270,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s,?s){6}" "id:1271,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122" "id:1272,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" "id:1273,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "!@rx ^(?:?[01])?$" "id:1274,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`
			`SecRule REQUEST_URI "@rx (?:^\|[^x5c])x5c[cdeghijklmpqwxyz123456789]" "id:1275,phase:1,deny,status:403,log,msg:'enforcement attack detected'"`